REMARKS
Claims 1-42 are pending in the Application.
Claims 1-42 stand rejected. 

I. EXAMINER INTERVIEW SUMMARY 

The Applicants and Applicants' attorney appreciate the opportunity to discuss the
Office Action with Examiner Collins on November 6, 2003. Examiner Collins expressed
his concern with the breadth of terms like "data structure" as recited in the claims. The
Applicants have addressed hereinbelow the distinctions between the claimed inventions
and the applied reference. The Applicants and Applicants' attorney thank Examiner
Collins for his efforts in examining the application.

II. REJECTION UNDER 35 U.S.C. § 112, SECOND PARAGRAPH

Claims 2 and 3 have been rejected under 35 U.S.C. § 112, second paragraph as
being indefinite for failing to particularly point out that which the Applicant regards as the 
invention. The Examiner asserts that there is insufficient antecedent basis for the terms 
"the plurality of attributes" appearing therein. Claims 2 and 3 have been rewritten 
accordingly. The Applicant respectfully requests that the rejection of claims 2 and 3 
under 35 U.S.C. § 112, second paragraph be withdrawn.

III. REJECTION UNDER 35 U.S.C. § 102

Claims 1-42 have been rejected under 35 U.S.C. § 102 as being anticipated by 
Netscape Communication Corporation, "Planning and Deploying a Single Sign-On
Solution," (hereinafter, "Netscape SSO"). The applicant respectfully traverses the
rejection of claims 1-42 under 35 U.S.C. § 102. 

Claim 1 is directed to a method for global sign-on (GSO) including receiving a 
user login, determining an existence of a first directory entry corresponding to the user
in response to a first Lightweight Directory Access Protocol (LDAP) message, and 
logging the user into one or more data processing services in response to one or more 
corresponding second directory entries, and wherein each of the first and second directory 
entries represents a data structure in accordance with a corresponding first and second 
predetermined LDAP schema object. The Examiner asserts that Netscape SSO teaches 
all of the limitations of claim 1 including logging the user into one or more data 
processing services in response to one or more corresponding second directory entries in 
disclosing strong authentication. (Paper No. 3, page 3) (citing Netscape SSO, pages 5-6). 

This is incorrect. The teaching with respect to strong authentication discloses 
connecting, via a SSL connection, to a server for evaluating ACLs (Access Control Lists) 
using a certificate rather than a password to authenticate the user in which a certificate 
is maintained in an LDAP entry for the user. (Netscape SSO, pages 3-6). These 
teachings further describe authentication of a client using a certificate rather than multiple
passwords using a database of private keys on a client to generate a user certificate and 
digital signature to a server that uses the certificate and digital signature to authenticate 
the user's identity; the server then checks that the user's directory entry contains the same 
certificate presented to the server. If successful, the server uses its ACLs to grant access 
to a requested resource. (Netscape SSO, pages 3-6.) The express teaching of Netscape 
SSO directly contradicts the Examiner's allegation. The ACLs are not LDAP directory 
entries, but belong to the SuiteSpot server. (Netscape SSO, page 5, and Figure 3.) 
Additionally, the Examiner asserts that Netscape SSO teaches that the first and second 
directory entries represents a data structure in accordance with a corresponding first and 
second predetermined LDAP schema object in disclosing LDAP tree hierarchy and entry 
attributes, and mapping DNs to an LDAP entry. (Paper No. 3, page 3) (citing Netscape 
SSO, pages 8 and 15-16). This is also incorrect. With respect to the LDAP tree hierarchy 
and entry attributes, Netscape SSO teaches that data in an LDAP directory is arranged in 
a directory tree and that it is important to consider the long-term implications of the tree
structure. (Netscape SSO, page 8.) Netscape SSO further teaches that it is
important to think about the kinds of information the directory will contain; this decision
affects both the tree hierarchy and the attributes of each entry, and, for example, entries
for people require different treatment than entries for servers or other devices. (Netscape
SSO, page 8.) The plain terms of the teaching are seen to contain no reference to first and 
second directory entries represents a data structure in accordance with a corresponding 
first and second predetermined LDAP schema object. With respect to the teaching in 
Netscape SSO respecting mapping DNs to an LDAP entry, the reference teaches the use 
of a client certificate to map to an LDAP entry, and matching the client certificate with 
a certificate from a matching entry (if any). (Netscape SSO, page 15.) The teaching
relied upon further discloses the use of ACLs in the SuiteSpot server to determine access 
to a requested resource. (Netscape SSO, pages 15-16.) Again, the express teaching of 
the reference contradicts the Examiner's allegations. Anticipation requires that a single 
prior art reference teach the identical invention as in the claim. MPEP §2131. Because 
Netscape SSO does not teach the identical invention of claim 1, Netscape SSO does not 
anticipate claim 1. Therefore, claim 1 is allowable under 35 U.S.C. § 102 over Netscape
SSO. 

Claim 2 is directed to the method of claim 1 wherein each of the corresponding 
second predetermined LDAP schema objects has one or more predetermined attributes, 
each of the one or more attributes having a set of one or more values, and wherein a first 
one of the one or more attributes is operable for initiating a corresponding one of the data 
processing services. Claim 2 has been rejected on the same teaching in Netscape SSO 
relied upon in rejecting claim 1. (Paper No. 3, page 3.) Again, the express teaching of the
reference incontrovertibly teaches the use of ACLs in the SuiteSpot server to determine 
access to resources. (See e.g. Netscape SSO, pages 15-16.) Moreover, it is 
incontrovertible that the reference teaches that SuiteSpot server is distinct from the
directory server. (See e.g. Netscape SSO, Figure 3.) Plainly, the Examiner has not 
identified teaching in Netscape SSO disclosing the limitations of claim 2. Because 
Netscape SSO does not teach the identical invention of claim 2, Netscape SSO does not 
anticipate claim 2. Therefore, claim 2 is allowable under 35 U.S.C. § 102 over Netscape 
SSO.

Claim 3 recites the method of claim 2 wherein the step of logging the user into one 
or more data processing systems is in response to first one of the one or more attributes
having a first predetermined data value. Claim 3 has also been rejected on teaching in
Netscape SSO disclosing that the SuiteServer maps the user's identity to a unique entry
in the LDAP directory and checks that the entry contains the same certificate that was
presented to the server, and that if the LDAP lookup is successful, SuiteServer continues
evaluating its ACLs to determine whether the identified user is permitted to access the
requested resource. (Paper No. 3, page 3) (citing Netscape SSO, ¶¶ 5, 6, pages 5-6).
Again the plain teaching of the reference is not seen to disclose the limitations of claim
3. Because Netscape SSO does not teach the identical invention of claim 3, Netscape SSO
does not anticipate claim 3. Therefore, claim 3 is allowable under 35 U.S.C. § 102 over
Netscape SSO.

Claim 4 is directed to the method of claim 1 wherein the step of logging the user 
into the one or more data processing services includes, for each data processing service, 
reading a user identifier (UID) and a password from a corresponding one of the second
directory entries, and logging in the user using the UID and the password. Claim 4 has 
been rejected on the ground that Netscape SSO teaches the limitations of claim 4 in 
disclosing strong authentication. (Paper No. 3, page 4) (citing Netscape SSO, pages 3-6).
The Applicant has discussed the teaching relied upon in addressing the rejection of claim
1. The aforementioned teaching discloses connecting, via a SSL connection, to a server
for evaluating ACLs (Access Control Lists) using a certificate rather than a password to
authenticate the user in which a certificate is maintained in an LDAP entry for the user.
(Netscape SSO, pages 3-6). These teachings further describe authentication of a client
using a certificate rather than multiple passwords using a database of private keys on a 
client to generate a user certificate and digital signature to a server that uses the certificate 
and digital signature to authenticate the user's identity; the server then checks that the 
user's directory entry contains the same certificate presented to the server. If successful, 
the server uses its ACLs to grant access to a requested resource. (Netscape SSO, pages 
3-6.) By the plain terms of the teaching, there is nothing identified therein that discloses
the limitation of claim 4. Additionally, the Examiner is respectfully reminded that when
a reference is complex or shows or describes inventions other than that claimed by the
applicant, the particular part relied on must be designated as nearly as practicable. 37
C.F.R. § 1.104(c)(2). Because Netscape SSO does not teach the identical invention of
claim 4, Netscape SSO does not anticipate claim 4. Therefore, claim 4 is allowable under
35 U.S.C. § 102 over Netscape SSO.

Claim 5 recites the method of claim 1 and further including the step of starting the 
one or more data processing services in response to one or more third directory entries, 
each of the third directory entries representing a data structure in accordance with a 
corresponding third predetermined LDAP schema object. Claim 5 has been rejected on 
the same teaching in Netscape SSO with respect to client authentication and single sign-on 
relied upon in rejecting claim 4. (See Paper No. 3, page 4.) The Examiner further relies 
on the same teaching with respect to the LDAP tree hierarchy and Mapping DNs relied 
upon in rejecting, inter alia, claim 1. (See Paper No. 3, pages 3-4.) The Examiner
further states, without a scintilla of support, that "initiating" is the same as "starting."
(Paper No. 3, page 4.) Such a statement out of context is meaningless; claim 5 does not
recite "starting" without more. This is evidenced by the fact that a search on an electronic
version of Netscape SSO returns no instance of "initiating" and the only instance of
"starting" is in the context of verifying certificate chains. (See Netscape SSO, page 12.)
The teachings relied upon have been addressed hereinabove in conjunction with, at least,
claims 1 and 4. These teachings, by the plain terms thereof, are not seen to teach the
limitations of claim 5. Because Netscape SSO does not teach the identical invention of 
claim 5, Netscape SSO does not anticipate claim 5. Therefore, claim 5 is allowable under 
35 U.S.C. § 102 over Netscape SSO. 

Claim 6 is directed to the method of claim 5 and further including the step of 
invoking an initialization routine corresponding to each of the data processing services, 
wherein each of the corresponding third predetermined LDAP schema objects includes 
a set of one or more attributes, and wherein the initialization routine is determined in 
response to a value of a first attribute of the set of one or more attributes. Claim 6 has
been rejected on the same assertions as made with respect to claim 5. (See Paper No. 3, 
page 4.) Again, the plain terms of the teaching are not seen to contain the limitations of 
claim 6 whatsoever. The Examiner has identified nothing in Netscape SSO disclosing, for 
example, invoking an initialization routine, much less an initialization routine as recited 
in claim 6. Because Netscape SSO does not teach the identical invention of claim 6, 
Netscape SSO does not anticipate claim 6. Therefore, claim 6 is allowable under 35 
U.S.C. § 102 over Netscape SSO. 

Claim 7 is directed to the method of claim 1 wherein the step of logging the user 
into one or more data processing services includes the step of determining if a first one 
of the data processing services requires a prerequisite service. Claim 7 has been rejected 
on the same teaching in Netscape SSO relied upon in rejecting, inter alia, claim 4. (Paper
No. 3, pages 4-5.) The Examiner also relies on inherency, asserting that "inherently every 
task or service that is required to perform prior to the desired task or service must 
execute before the desired task or service." (Paper No. 3, page 5.) The teachings in 
Netscape SSO relied upon have previously been addressed. By the plain terms thereof, 
these teachings are not seen to disclose the limitations of claim 7. With respect to the 
Examiner's reliance on inherency, this reliance is misplaced for several reasons. The
allegedly inherent characteristic does not address the limitation of claim 7. Claim 7 does
not recite executing a task or service that is required to perform prior to the desired task
or service. Additionally, inherency is not determined on the basis of unsupported
Examiner allegations. The Examiner must provide evidence that the allegedly inherent
characteristic is necessarily present in the thing disclosed, and would be recognized as
such by one of ordinary skill in the art. MPEP § 2112. For at least these reasons, the
Examiner has not shown that Netscape SSO teaches the identical invention of claim 7. 
Therefore, Netscape SSO does not anticipate claim 7 and claim 6 is allowable under 35 
U.S.C. § 102 over Netscape SSO. 

AUS-00-0174US1 PATENT

Claim 8 recites the method of claim 7 in which each of the corresponding second
predetermined LDAP schema objects has one or more predetermined attributes, each of
the one or more attributes having a set of one or more values, and wherein determining
if the first one of the data processing services requires a prerequisite service is in response 
to a preselected value of a first one of the one or more attributes. Claim 8 has been 
rejected on the same teaching in Netscape SSO relied upon in rejecting, inter alia, claim 
5 and the inherency asserted with respect to claim 7. (See Paper No. 3, page 5.) As 
previously discussed, the Examiner's reliance on inherency is misplaced, and the
teachings, by the plain terms thereof, are not seen to teach the limitations of claim 8. The
Examiner is respectfully reminded that when a reference is complex or shows or
describes inventions other than that claimed by the applicant, the particular part relied on
must be designated as nearly as practicable. 37 C.F.R. § 1.104(c)(2). Because Netscape
SSO does not teach the identical invention of claim 8, Netscape SSO does not anticipate 
claim 8. Therefore, claim 8 is allowable under 35 U.S.C. § 102 over Netscape SSO. 

Claim 9 recites the method of claim 1 wherein the step of logging said user into 
one or more data processing services includes the step of determining if a first one of said 
data processing services takes an identifier value. Claim 9 has been rejected on teaching 
in Netscape SSO disclosing a server authorizes access by evaluating ACLs. (Paper No 
3, page 5) (citing Netscape SSO, Figure 2, step 4 and Figure 3, step 6). Plainly, a 
teaching of evaluating ACLs does not teach determining if a first one of the data 
processing services takes an identifier value as recited in claim 9. Because Netscape SSO 
does not teach the identical invention of claim 9, Netscape SSO does not anticipate claim 
9. Therefore, claim 9 is allowable under 35 U.S.C. § 102 over Netscape SSO. 

Claim 10 recites the method of claim 9 wherein determining if a first one of said 
data processing services takes an identifier value is in response to a fourth directory entry, 
said fourth directory entry representing a data structure in accordance with a 
corresponding fourth predetermined LDAP schema object. Claim 10 has been rejected 
on the same assertions made with respect to claim 9 and the teachings relied upon in
rejecting, inter alia, claim 5. (See Paper No. 3, page 5.) All of these assertions have been 
previously addressed and by the plain terms of the disclosure in Netscape SSO, the 
Examiner has failed to identify teachings in the reference that disclose the identical 
invention of claim 10. Because Netscape SSO does not teach the identical invention of
claim 10, Netscape SSO does not anticipate claim 10. Therefore, claim 10 is allowable 
under 35 U.S.C. § 102 over Netscape SSO. 

Claim 11 recites the method of claim 10 wherein the fourth predetermined LDAP
schema object has one or more predetermined attributes, each of the one or more
attributes having a set of one or more values, and wherein determining if the first one of
said data processing services takes an identifier value is in response to a preselected value
of a first one of said one or more attributes. Claim 11 has been rejected on the same teaching in
Netscape SSO relied upon in rejecting claim 10. (See Paper No. 3, pages 5-6.) All of
these assertions have been previously addressed and by the plain terms of the disclosure
in Netscape SSO, the Examiner has failed to identify teachings in the reference that
disclose the identical invention of claim 11. Because Netscape SSO does not teach the
identical invention of claim 11, Netscape SSO does not anticipate claim 11. Therefore,
claim 11 is allowable under 35 U.S.C. § 102 over Netscape SSO.

Claim 12 is directed to the method of claim 11 and further including invoking an
initialization routine corresponding to said first data processing service in response to an 
attribute value in a third directory entry corresponding to said first data processing 
service, said third directory entry representing a data structure in accordance with a 
corresponding third predetermined LDAP schema object, said initialization routine being 
determined in response to said attribute value, and wherein said identifier value is passed 
to said initialization routine. Claim 12 has been rejected on the same teaching in Netscape 
SSO as relied upon in rejecting, inter alia, claim 11. All of these assertions have been 
previously addressed. Referring to the plain terms of the disclosure in Netscape SSO, the 
Examiner has failed to identify teachings in the reference that disclose the identical 
invention of claim 12. Because Netscape SSO does not teach the identical invention of 
claim 12, Netscape SSO does not anticipate claim 12. Therefore, claim 12 is allowable 
under 35 U.S.C. § 102 over Netscape SSO. 

Claims 13 and claim 14 recite the method of claim 9 in which, respectively, the 
identifier value is a required identifier value and the identifier value is an optional identifier 
value. The Examiner has rejected claims 13 and 14 on Figures 2 and 3 of Netscape SSO,
particularly steps 4 and 6, respectively. (Paper No. 3, page 6.) The disclosure in
Netscape SSO with respect to these teachings has been addressed in conjunction with
claim 9. This teaching discloses a server authorizing access by evaluating ACLs. The
Examiner further relies on inherency, asserting that every identifier value or piece of
required information is inherently either required or optional. The Examiner's reliance on
inherency fails for several reasons. Claims 13 and 14 do not recite a "required piece of
information." It is indisputable that where an Examiner has to excise the express term
from a claim and substitute the Examiner's broad language to make the rejection, a prima
facie showing of anticipation has not been made. Similarly, neither claim 13 nor claim 14
recite an identifier value is either required or optional. Claim 13 and claim 14 are
independent of each other, and the Examiner cannot morph them into a composite and
reject that. Moreover, a showing of inherency requires that the Examiner provide
evidence that the allegedly inherent characteristic is necessarily present in the thing
disclosed, and would be recognized as such by one of ordinary skill in the art. MPEP
§ 2112. Because the Examiner has failed to identify teachings in the reference that 
disclose the identical invention of claims 13 and 14, Netscape SSO does not anticipate 
claim 13 and claim 14. Therefore, claim 13 and claim 14 are allowable under 35 U.S.C. 
§ 102 over Netscape SSO. 

Claims 15-28 have been rejected on the same basis as claims 1-14 as not reciting 
limitations beyond those of claims 1-13, respectively. (Paper No. 3, page 7.) 
Consequently, because Netscape SSO does not teach all of the limitations of each of 
claims 1-14, necessarily the Examiner has not shown that Netscape SSO teaches all of the
limitations of the respective ones of claims 15-28. Therefore claims 15-28 are not 
anticipated by Netscape SSO and each of claims 15-28 are allowable under 35 U.S.C. 
§ 102 over Netscape SSO. 

Likewise claims 29-42 have been rejected on the same basis as claims 1-14 as not 
reciting limitations beyond those of claims 1-13, respectively. (Paper No. 3, page 7.) 
Consequently, because Netscape SSO does not teach all of the limitations of each of 
claims 1-14, necessarily the Examiner has not shown that Netscape SSO teaches all of the
limitations of the respective ones of claims 29-42. Therefore claims 29-42 are not
anticipated by Netscape SSO and each of claims 29-42 are allowable under 35 U.S.C.
§ 102 over Netscape SSO. 

IV. CONCLUSION 

As a result of the foregoing, it is asserted by the Applicants that the remaining
claims in the Application are in condition for allowance, and respectfully request an early 
allowance of such claims. 

Applicants respectfully request that the Examiner call Applicants' attorney at the
below listed number if the Examiner believes that such a discussion would be helpful in 
resolving any remaining problems. 

Respectfully submitted, 

WINSTEAD SECHREST & MINICK P.C.

Attorney for Applicants